Solved

Random Posword not Updating in Database

Posted on 2004-04-28
7
344 Views
Last Modified: 2008-02-01
Hi there,

The scripts below, remember_me.php and function.inc.php are supposed to generate a random password and update corresponding field in the database.

Once prompted, they generate the random password and sends them to the user's email.  But the generated password is not updated in the database and so the user cannot login.

Can someone help me where I'm going wrong.

remember_me.php Script
===================
<?php
//brians code start here
include "functions.inc.php";
include "error_messages.inc.php";
//action=add means usr pressd the submit button
if ($action =="email")
{
 $error_found=false;
 $error="";
 //start validating the user input
 if($email=="")
 {
  $error_found=true;
  $error.=ERR_EMAIL_BLANK;
 }

if(!$error_found)
{
      {
            //{
            $host="mysql.xcalibre.co.uk";
            $uname="xxxxxx";
            $pass="xxx";
            $database="xxxxx";
            $tablename="g_workers";

            $connect= mysql_connect($host,$uname,$pass) or die("Could not connect you to Bizafrican Database! <br>");

            $selectdb=mysql_select_db($database) or die("Could not select the Bizafrican Database for you");

            $mingle   = "decode(password, '".$password."')";  
            $sqlquery = ("select email,username, " .$mingle. " as password from g_workers where email ='".$email ."' ");
            $queryresult = mysql_query($sqlquery,$connect)or die("could not execute the query.");
            if ($row = mysql_fetch_array($queryresult))
            {
            $email =  $row["email"];
            $from     = "dba@guardwise.com";
            $subject  =  "Guardwise.com - Important message for you";
            $message  =  "Your username is:  ". $row["username"]."\n".
                               "Your password is:  ". new_password($row["username"])."\n";//edited here              
            $message   .=  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.\n
 DBA/Support";
             
            mail($email,$subject,$message,"From: sssssssss.com <dba@ssssssssss.com>");
            Header("Location: http://www.sssssss.com/remember_done.htm");
            exit;
            }
            else
            {

              $error_found=true;
              $error.=ERR_EMAIL_NONE;
            }
      }
}
}
?>
==========================
Functions Script
==========
<?
//this function generate the select box for the selected external file
function makeCombo($optname,$optfile,$optsel,$optex,$optremove='-1000'){ //returns string containing select tag
if(!is_array($optremove)) $optremove=explode(",",$optremove);
$combo="<select name='$optname' $optex>";
include $optfile;

foreach($manutmp as $key => $value){

      $tosel="";
      if($optsel==$key){
      $tosel="selected";
      }
            
      if(in_array($key,$optremove) == false)$combo.="<option value='$key' $tosel>$value\n";
      
      }
$combo.="</select>";
return $combo;
}

//this will return the select value from the select box
function getComboValue($optfile,$optkey){
include $optfile;
return $manutmp[$optkey];
}

//encrypt the password
function encrypt_password($input)
{
 return md5($input);
}

//generate the random password
function new_password ($userid,$length=10) {
      // if you want extended ascii, then add the characters to the array
      $characters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9');
      $random_str = "";
      for ($i = 0; $i <= $length; $i++) {
            srand((double)microtime()*1000000);
            $random_chr = round(rand(0, count($characters)-1));
            $random_str .= $characters[$random_chr];
      }
      
      //update the password for the user into  databae
      //update table pasword = encrypt_password($random_str)
       $db_name = "afrika";
$table_name = "biznames";
$connection = @mysql_connect("mysql.xcalibre.co.uk", "bbbbbb", "bbbbb") or die("Couldn't connect.");
        $db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
       $sql = "UPDATE $table_name  
              SET  
              password = '". md5($random_str) ."'
              WHERE email = '". $email ."'    
              ";
$result = mysql_query($sql,$connection) or die("Couldn't execute query.");
      return $random_str;
}
?>
0
Comment
Question by:Senyonjo
  • 3
7 Comments
 
LVL 10

Accepted Solution

by:
eeBlueShadow earned 125 total points
Comment Utility
Hi,

Normally, when you have a problem with an SQL query, a good bet is to scho it to screen in testing to see what's wrong.

If you did this in your case, I imagine you'd find that the WHERE clause is looking for a blank email address. Inside a function, variables that you set outside of the function aren't available by default. you have to declare them as global variables for them to be seen inside the function.

There are 2 solutions. The easiest is to put the line "global $email;" as the first line of the new-password function. This will work fine, but a better method would be to pass the email address as a third argument to the function. I'll try and dig out a link explaining why global variables aren't always the best idea, but either of those should work for now.
0
 
LVL 10

Expert Comment

by:eeBlueShadow
Comment Utility
This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.
0
 
LVL 10

Expert Comment

by:eeBlueShadow
Comment Utility
This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.
0
 
LVL 6

Assisted Solution

by:jkna_gunn
jkna_gunn earned 125 total points
Comment Utility
also make sure that the password field can take the size of an md5 string.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now